Validos Resources

This is a curated collection of open source compliance-related resources maintained by Validos r.y., an association established to help its members share open source compliance-related work and information. For more information on Validos, please see the Validos main site.

This list is maintained in a GitHub repo and is open to contributions from members and non-members alike. If you have a high-quality resource in mind that is missing from the list, feel free to drop us an email (team at validos dot org) - or just create a pull request!

Introductory and Training Resources

Guides and Tutorials

Open Source Compliance in the Enterprise (press release, download page) by Ibrahim Haddad, published by the Linux Foundation. A guide for enterprises on establishing an open source management program and on other best practices.

Practical GPL Compliance (blog post, PDF), a guide by Armijn Hemel and Shane Coughlan, published by the Linux Foundation. A hands-on resource for businesses and engineers tackling GPL compliance. The guide includes instructions, checklists and flowcharts for setting up compliance measures to meet GPL requirements such as including proper notices and making the source code available in “complete and corresponding” form.

Reuse.software by FSF Europe. FSFE’s take on developer best practices for expressing license and copyright information in FOSS projects.

FAQs and Other Commentary

Frequently Asked Questions about the GNU Licenses (GPL FAQ) by the Free Software Foundation. Includes FSF’s interpretations of various GPL-related questions, such as the scope of the GPL copyleft effect, static vs. dynamic linking, providing corresponding sources, mutual compatibility of GNU licenses, etc.

Various Licenses and Comments about Them by the Free Software Foundation. Includes FSF’s comments on various OSS licenses, particularly regarding what licenses they consider compatible with the GNU licenses.

Books

Journals

International Free and Open Source Software Law Review (IFOSS L. Rev) - A collaborative legal publication aiming to increase knowledge and understanding among lawyers about issues around Free and Open Source Software. Topics covered include copyright, license implementation, license interpretation, software patents, open standards, case law and statutory changes.

Compliance Tools

Open source

FOSSology - An OSS compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. A database and a web UI are provided for a compliance workflow.

Eclipse SW360 - A software component catalogue application designed to work with FOSSology.

SPDX tools - Various tools to help users and producers of SPDX documents.

jslicense - Software licensing and compliance tools for the npm ecosystem. See, for example, licensee.js, which lets you check the package.json license information of project dependencies against SPDX-based rules. For CI purposes, the rules can also be enforced via passing/failing tests.